CLAIMS 



What is claimed is: 



1 1. A method for securely creating an endorsement certificate for a device in an insecure 

2 environment, said method comprising: 

3 generating for a valid device an endorsement key pair that includes a private key and a 

4 public key, wherein said private key is not public readable; 

5 creating a non-public, secure value that is provided to both a plurality of valid devices 

6 and a credential server; 

7 verifying by utilizing said non-public, secure value that an endorsement key of said valid 

8 device is a valid endorsement key of said endorsement key pair that was generated during 

9 manufactured of said valid device, wherein a function of a first copy of said non-public, secure 

10 value within said credential server matches a similar function of a second copy of said non- 

1 1 public, secure value associated with the endorsement key received at the credential server; and 

12 inserting an endorsement certificate into said device to indicate that said device is an 

13 approved device by an OEM (original equipment manufacturer) of the device. 

1 2. The method of Claim 1, wherein said non-public, secure value is a secret number (secret) 

2 and said method further comprises forwarding a first copy of said secret via a secure 

3 communication medium to said credential server. 

1 3. The method of Claim 2, further comprising: 

2 hashing a second copy of said secret with a public key from said endorsement key pair; 

3 combining a first hash result from said hashing step with the public key to create the 

4 endorsement key (EK); and 

5 forwarding said EK to said credential server to initiate a credential process. 

1 4. The method of Claim 3, said verifying step further comprising: 

2 receiving said EK from said device at the credential server; 

3 hashing the public key within the received EK with the first copy of said secret received 
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4 

5 
6 



during said forwarding step to provide a second hashed value; 

comparing the first hashed value from within the EK with the second hash value; and 
confirming said EK is from a valid device when said comparing step results in a match. 



1 5. The method of Claim 1, wherein following said verifying step said method further 

2 comprises: 

3 initially storing the credential in a database of said credential server; 

4 monitoring for a request from a customer to provide said certificate to said device; and 

5 following a receipt of said customer request, transmitting said certificate to said device to 

6 be inserted within the device. 

1 6. The method of Claim 1, wherein said endorsement certificate is once-writeable public- 

2 readable and is utilized for signing said public key during communication from and to said 

3 device. 

1 7. The method of Claim 1, wherein said value is injected into said device, and said value is 

2 a single-use parameter, said method further comprising immediately destroying said value within 

3 said device following a creation of said EK. 

1 8. The method of Claim 1, wherein said credential server is remotely located from a vendor 

2 manufacturing said device and said method comprises communicating said value from said 

3 device to said credential server via a secure communication medium. 

1 9. The method of Claim 1, wherein the value is a first value that is provided to a first set of 

2 said plurality of valid devices and a second set of said plurality of valid devices are provided a 

3 second value, based on a pre-defined method for determining when to change said first value to 

4 said second value from among: a passage of a pre-set amount of device manufacturing time and a 

5 preset number of manufactured devices from among the plurality of valid devices. 

1 10. The method of Claim 1, wherein said device is a trusted platform module (TPM). 
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1 11. 



A TPM device manufactured and authenticated according to the steps of Claim 1 . 



1 12. A data processing system comprising: 

2 a processor; 

3 a trusted platform module (TPM) chip; 

4 a bus for interconnecting said processor and said TPM chip; 

5 a network interface with communication means for connecting said TPM to a secure 

6 credential server; and 

7 means, whereby said TPM is able to verify an endorsement key pair as being a valid pair 



8 generated within said TPM by utilizing a secure, private, single-use value inserted by a TPM 

9 vendor into the TPM during manufacture of the TPM. 



1 13. The data processing system of Claim 12, wherein said means for verifying an 



2 endorsement key pair further comprises: 

3 means for packaging a public value of said endorsement key pair and a hash of said value 

4 into an endorsement key (EK); and 

5 means for forwarding said EK to said credential server, wherein said credential server 

6 returns an endorsement certificate only when the EK was generated within the TPM as 

7 confirmed by a comparison of the hashed value with a calculated hashed value at the credential 

8 server. 

1 14. A data processing system utilized for issuing endorsement certificates, comprising: 

2 a processor; 

3 a memory couple to said processor via an interconnect; 

4 a security mechanism for ensuring optimum security of processes within said data 

5 processing system; 

6 input/output mechanism for receiving a first value received from a TPM vendor for 

7 utilization during a credential process for a specific group of manufactured TPM devices; and 

8 secure communication means for receiving an endorsement key (EK) requesting issuance 

9 of an endorsement certificate, wherein said EK comprises a public endorsement key and a 



10 second value provided for verifying that said EK was generated from within one of said 

1 1 manufactured TPM devices ; and 

12 program means for determining, by utilizing said second value, when said EK is a valid 

13 EK of an endorsement key pair that was generated within one of said manufactured TPM 

14 devices. 

1 15. The data processing system of Claim 14, further comprising means for generating a 

2 certificate only when said EK is determined to be a valid EK. 

1 16. The data processing system of Claim 14, further comprising: 

2 recording when a request for EK certificate fails; and 

3 tracking each failed request to identify TPM vendors with greater than a pre-established 

4 number of failures; and 

' 5 messaging said TPM vendors to update their security procedures. 

1 17. A system for securely creating an endorsement certificate for a device in an insecure 

2 environment, said system comprising: 

3 means for generating for a valid device an endorsement key pair that includes a private 

4 key and a public key, wherein said private key is not public readable; 

5 means for creating a non-public, secure value that is provided to both a plurality of valid 

6 devices and a credential server; 

7 means for verifying by utilizing said non-public, secure value that an endorsement key of 

8 said valid device is a valid endorsement key of said endorsement key pair that was generated 

9 during manufacture of said valid device, wherein a function of a first copy of said non-public, 

10 secure value within said credential server matches a similar function of a second copy of said 

1 1 non-public, secure value associated with the endorsement key received at the credential server; 

12 and 

13 means for inserting an endorsement certificate into said device to indicate that said device 

14 is an approved device by an OEM (original equipment manufacturer) of the device wherein said 

15 inserting is completed only when said verifying step is confirmed. 
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1 18. The system of Claim 17, wherein said non-public, secure value is a secret number (secret) 

2 and said system further comprises means for forwarding a first copy of said secret via a secure 

3 communication medium to said credential server. 

1 19. The system of Claim 18, further comprising: 

2 means for hashing a second copy of said secret with a public key from said endorsement 

3 key pair; 

4 means for combining a first hash result from said hashing step with the public key to 

5 create the endorsement key (EK); and 

6 means for forwarding said EK to said credential server to initiate a credential process. 

1 20. The system of Claim 19, said verifying means further comprising: 

2 means for receiving said EK from said device at the credential server; 

3 means for hashing the public key within the received EK with the first copy of said secret 

4 received during said forwarding step to provide a second hashed value; 

5 means for comparing the first hashed value from within the EK with the second hash 

6 value; and 

7 means for confirming said EK is from a valid device when said comparing step results in 

8 a match. 

1 21. The system of Claim 17, wherein following said verifying said system further comprises: 

2 means for initially storing the credential in a database of said credential server; 

3 means for monitoring for a request from a customer to provide said certificate to said 

4 device; and 

5 means for following a receipt of said customer request, transmitting said certificate to 

6 said device to be inserted within the device. 

1 22. The system of Claim 17, wherein said endorsement certificate is once-writeable public- 

2 readable and is utilized for signing said public key during communication from, and to said 



3 device. 



1 23. The system of Claim 17, wherein said value is injecting into said device, and said value is 

2 a single-use parameter, said system further comprising means for immediately destroying said 

3 value within said device following a creation of said EK. 

1 24. The system of Claim 17, wherein said credential server is remotely located from a vendor 

2 manufacturing said device and said system comprises means for communicating said value from 

3 said device to said credential server via a secure communication medium. 

1 25. The system of Claim 17, wherein the value is a first value that is provided to a first set of 

2 said plurality of valid devices and a second set of said plurality of valid devices are provided a 

3 second value, based on a pre-defined system for determining when to change said first value to 

4 said second value from among: 

5 expiration of a pre-set amount of device manufacturing time; and 

6 manufacture of a preset number of devices from among the plurality of valid devices. 
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